Suggestions for implementing CSLA authorization roles when they are also data related

Suggestions for implementing CSLA authorization roles when they are also data related

Old forum URL: forums.lhotka.net/forums/t/7508.aspx


Jack posted on Tuesday, August 25, 2009

I have a number of simple roles in my application but they are also dependent on which chunk of data is being worked on.

I have the following hierarchy in my application

Programs

   Program

       Sites

         Site

I have programs/projects as the top level of business object.  The problem is that people have different roles across the different projects and different sites.  There is a different site_admin at each site which is also different in each program.

So when program_id = 400 john has role=program_admin but in program_id = 200 he does not.

Within program_id = 400 and site_id = 47 he is the site_admin but not at program_id=400 and site_id in (41..46)

Obviously in the database it is quite easy as I have my application roles and I have my data_roles that are tied to the entity.  I'm trying to figure out how best to do it in the CSLA authorization.

I don't want to re-read the roles based on a program_id/site_id all the time as you can jump all over the place and that would get confusing.  I've contemplated appending the data_id to the role name and doing something like ProgramAdmin400, SiteAdmin400 and then trying to do the same in my authorization.  It gets a little bit annoying though...

Surely someone else is doing something similar?  Any suggestions.

thanks

jack

 

Copyright (c) Marimer LLC